New worm targets portable storage devices
Security researchers at Sophos are warning companies about a new family of worms that is targeting removable storage devices, including USB memory sticks and floppy disks.
The worms, formally named W32/SillyFD-AA, spread by copying itself onto removable drives, and then automatically runs when the device is next connected to a computer. It also changes the title of Internet Explorer windows to append the phrase “Hacked by 1BYTE.”
“With USB keys becoming so cheap they are increasingly being given away at tradeshows and in direct mailshots. Marketing people are prepared to use them as ‘throwaways’ with the aim of securing sales leads,” said Graham Cluley, senior technology consultant for Sophos.
“Computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.” Cluley added.
He said that hackers are now looking for less defended entry points into organisation’s infrastructure as more businesses now have strong defenses in place to protect against Malware and USB devices offered a way in.
“In this example, changing the title of the Internet Explorer browser’s windows should be a pretty clear sign to most people that something strange is afoot,” said Cluley. “It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue.”
However, Sophos warned that the same type of attack could be used to spread far more malicious programs such as spyware or rootkits.
Users are advised to turn off the Autorun feature in Windows so that removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC.
Experts have also advised that any storage device that is attached to a computer should be checked for viruses and other malware before actual use. Regularly updating users security software is also highly recommended.
Related Posts:
